Summary

Your seniority as a security engineer puts you in the ranks of the top talent in your field. Play a critical role at one of the world's most iconic financial institutions where security is vital.

As a Security Engineer III at JPMorgan Chase within the Cybersecurity and Technology Controls line of business, you serve as a seasoned member of a team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Carry out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions in support of the firm’s business objectives.

Responsibilities

• Support business technology teams to understand firm control requirements and implementations across a broad range of cloud architectures and applies specialized tools to analyze, correlate, identify, interpret, and summarize the probability and impact of threats when determining specific vulnerabilities
• Support the execution and enhancement of a long-term information risk and controls strategy designed to keep the information assets of the public cloud secure
• Deliver threat models and risk-based assessments of secure technology controls relating to cloud services, cloud platforms and architectural components
• Perform security reviews of infrastructure-as-code for cloud platform development
• Develop preventive and detective controls to enforce control requirements
• Interface with wider CTC teams ensuring platform integration with security operations, threat intelligence, infrastructure access management, and network security
• Executes security solutions design, development, and technical troubleshooting with the ability to apply knowledge of existing security solutions to satisfy security requirements for internal clients (e.g., product, platform, application owners)
• Applies specialized tools (e.g., vulnerability scanner) to analyze and correlate incident data to identify, interpret, and summarize the probability and impact of threats when determining specific vulnerabilities
• Adds to team culture of diversity, equity, inclusion, and respect

Required qualifications, capabilities, and skills

• Formal training or certification on security engineering concepts and 3+ years applied experience
• Experience in developing security engineering, and architecting solutions within public cloud technologies
• Experience with threat modeling
• Knowledge of cloud security posture management (e.g., Wiz, Prisma Cloud, Crowd Strike Falcon Cloud Security, etc.) and experience engineering with infrastructure as code (e.g., Terraform, Cloud Formation, etc.)
• Ability to convey complex security concepts to technical stakeholders
• Cloud native experience (e.g., AWS, Azure, or Google cloud)
• Experience developing security engineering solutions

Preferred qualifications, capabilities, and skills

• Cybersecurity certifications (i.e., Security, CEH, CCSP, GSEC, etc.)
• Cloud certifications would a plus (e.g., AWS, Azure, or GCP)

NA

Company Description

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.

Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contribute to our collective success. Our values were crowdsourced by employees and are brought to life through each of us every day - from disruptive innovation and collaboration to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal well-being programs are designed to give you choice in how you are supported. This includes our FLEXBenefits well-being spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!

At Palo Alto Networks, we believe in the power of collaboration and value in-person interactions. This is why our employees generally work full-time from our office with flexibility offered where needed. This setup fosters casual conversations, problem-solving, and trusted relationships. Our goal is to create an environment where we all win with precision.

Your Career

Cortex Customer Success Engineers are responsible for empowering our clients to automate their Security Operations, streamlining the analyst processes and helping provide return on investment for the XSOAR platform. You are a key component of our company’s success, working together with customers, partners, and their awesome Cortex colleagues.

This position works within our Cortex XSOAR Customer Success organization, helping customers with their end to end Security Operations journey. Some solutions you will work with include XSIAM, XDR, XSPANSE and others under the Cortex portfolio.

Your Impact

• Product Expertise
• Provide foundational product-level technical expertise, assisting with account setup, deployment, and basic troubleshooting of Cortex XSOAR
• Support customers in implementing and customizing automation workflows within their security operations
• Stay informed about Cortex XSOAR features and share relevant updates with customers
• Technical services include writing custom scripts and system troubleshooting
• Product Adoption
• Help drive product adoption by guiding customers through standard use cases and assisting with the integration of new features
• Conduct basic training sessions to familiarize customers with Cortex XSOAR functionalities
• Identify opportunities to enhance automation within the customer’s incident response processes
• Customer Impact
• Serve as a technical contact, assisting customers in achieving their automation goals and optimizing their security operations
• Collaborate with account teams to contribute technical input for customer success plans and execution
• Manage and escalate technical issues, ensuring appropriate resolution with support from senior colleagues

Your Experience

• Required Qualifications
• 2+ years of Experience in security operations, incident response, or a related technical field
• Basic understanding of security products and secure coding practices
• Familiarity with scripting languages such as Python, PowerShell, or JavaScript for basic customizations
• Basic Linux system administration and troubleshooting knowledge
• Understanding of security incident response principles
• 2+ years of relevant experience in customer-facing roles or technical support, with a focus on customer satisfaction
• Preferred Qualifications
• Experience with implementing or supporting automation workflows within a SOAR platform is a plus
• Ability to deliver entry-level training on product usage and automation practices
• Familiarity with network protocols and troubleshooting tools like tcpdump & Wireshark is a plus
• Possess problem-solving skills with the ability to solve for moderate complexities where analysis of situations or data requires a review of a variety of factors
• Exercises judgment within defined procedures and practices to determine appropriate action in prioritizing tasks and handle customer inquiries effectively
• Basic consultative skills for assisting both enterprise and smaller accounts

The Team

Customer Success Engineers are product experts, technical advisors, and advocates to enable our customers’ secure environments. You will act as their technical contact, building relationships to ensure proper security integrations. This includes support for adoption, basic integrations, and real-time assistance. Our Engineers offer product-level expertise during setup, deployments, and optimization, and they work on resolving escalations with guidance from senior team members.

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $86,000/yr to $139,500/yr. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Is role eligible for Immigration Sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.

Information Security Officer Role Summary

The Information Security Officer is a management position responsible for overseeing the security of Bank’s information systems, primarily as it relates to cybersecurity risks, and including oversight of related services provided by the Bank’s third party IT Managed Service Provider (MSP). The ISO will monitor the risks and controls related to the Bank’s IT environment, and with the assistance of the MSP, safeguards information by ensuring that security risks are identified, assessed, mitigated and accurately reported. The ISO is responsible for developing Information security initiatives to accommodate current and future organizational needs, including budget and strategy preparation, and presentation of matters to executive management and/or IT Committee.

The ISO must lead with a focused vision, a commitment to open communication, providing and receiving constructive feedback, inspiring professional growth, and motivating through trustworthy and positive relationships to ensure a productive workplace environment.

Ensures compliance within all Bank policies and procedures, as well as all applicable state and federal banking regulations.

Essential Duties and Responsibilities include the following. Other duties may be assigned.

• Actively manages MSP relationship through consistent communication, follow up and escalation, including ensuring adherence to Service Level Agreements
• Works closely with MSP to actively ensure appropriate cyber security, administrative, physical and technical safeguards are in place to protect the Bank’s information assets from internal and external threats
• Develops and maintains an information security control framework in accordance with applicable security regulations, guidance, policies and standards (e.g., GLBA, FFIEC IT Examination Handbook, FDICIA, NIST, and other industry-relevant security standards)
• Consults with senior management and IT Committee to analyze computer system needs for management information and functional operations, to determine scope and priorities of projects, and to discuss system capacity and equipment acquisitions
• Recommends and develops plans for systems development and operations, hardware and software purchases, budget, and staffing
• Regularly review the Bank’s service and security metrics and takes action as needed
• In partnership with the MSP and the Bank’s in-house IT personnel, manages projects pertaining to the implementation, installation, and operation of information and functional systems for the organization
• Develops, implements, and monitors management information systems policies and controls to ensure data accuracy and security, as well as legal and regulatory compliance, and compliance with Bank policies and procedures
• Consults with auditors and examiners and ensures completion of remediation of relevant audit findings
• Partners with the Information Technology Officer by providing system application and technical expertise to facilitate the development of goals, policies, standards, and procedures
• Oversees the development and implementation of methods and tools to benchmark, analyze, standardize, simplify, automate, report on and continuously improve IT systems and processes to optimize levels of service and control costs
• Evaluates vendor proposals for purchases of technology solutions and services to assure adherence to technical specifications and business needs
• Develops, maintains, and tests disaster recovery plans for all systems
• Acts as committed owner of the security incident and vulnerability management processes, including the Incident Response Plan and Business Continuity Plan in collaboration with the Bank’s Information Technology Officer and MSP
• Reports relevant information security and service metrics to Bank’s IT Committee on a quarterly basis or more frequently as necessary
• Responsible for maintenance of Information Security Policy and security awareness training for Bank personnel
• Serves as the Bank’s Privacy Officer
• Maintains GLBA Risk Assessment, Cyber Security Risk Assessment and other relevant risk assessments, often with the assistance of MSP
• Assures compliance with all Bank policies and procedures, as well as, all applicable state and federal banking regulations
• Serves as a member of the Bank’s IT Committee; makes presentations and facilitates discussions at IT Committee meetings. Develops information security policies, budgets and strategic plans to be presented to IT Committee and/or the Board of Directors for approval

Supervisory Responsibilities:

• The SVP, Information Security Officer directly manages the Information Security Team.
• Responsible for overseeing the information security services provided by the MSP and holding the MSP accountable to its service commitments to the Bank.

Required Qualifications:

• Minimum of 10 years of relevant experience, including in a 3rd party IT managed service provider environment
• Bachelor’s degree or work experience equivalent with sufficient background in information security and business management disciplines
• Must possess relevant professional certification(s), such as CISSP, CISSO, CISA and/or CISM
• Experience managing projects or programs to achieve information security objectives
• Understanding of current technology and regulatory trends affecting financial institution information security programs

Preferred Qualifications:

• Demonstrated ability to analyze security and technology control effectiveness
• Ability to evaluate, analyze, synthesize information to make decisions
• Ability to interact with a wide range of internal staff members and external professionals, including regulators, consultants, auditors, legal counsel and others
• Strong understanding of computer systems, networks, security, telecommunications, databases, and storage systems
• Ability to successfully participate and lead the execution of complex, enterprise-level projects with different teams with diverse personalities
• Skilled at both working solo on projects and equally at working closely and collaboratively with team members, sharing out responsibilities
• Effective analytical skills with an ability to identify issues and resolve, or identify the resources to assist in resolution
• Able to address issues quickly. Comfortable taking on multiple, concurrent projects and working under tight deadlines to address critical issues
• Strong organizational planning skills and understanding of project management concepts
• Tolerant of ambiguity and the flexibility to work well in a dynamic environment with evolving priorities
• Strong professional and technical communication skills (both written and verbal)
• Expertise in deploying and supporting SaaS applications, especially with SAML/SSO products like Okta
• Knowledge of administration of mobile computing products using enterprise management tools
• Able to troubleshoot difficult and complex problems with applications
• Comfortable and confident in speaking openly, whether with team members or executives, always leading with a positive, service-oriented attitude
• Flexible and innovative team player with a roll-up-the-sleeves attitude and a hands-on approach
• Ability to manage time effectively and be focused on setting and executing clear objectives and priorities
• Commitment to excellence and high standards
• Ability to demonstrate excellent customer service and interpersonal skills
• Excellent communication, explanatory, writing and relationship-building skills, with an ability to prioritize, negotiate, and work with a variety of internal and external stakeholders
• Willing to work flexible hours including evenings and weekends as the job demands and travel as required

Physical/Mental Demands & Work Environment:

The incumbent in the course of performing this position frequently spends time writing, typing, speaking, listening, operating basic business equipment, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, walking, standing, reading documents or instruments, detailed work, problem solving, client contact, reasoning, math, language, presentations, verbal and written communication, analytical reasoning, stress, multiple concurrent tasks, and constant interruptions. The incumbent for this position will occasionally lift between 5-25 pounds, pull, squat, kneel and reach. The incumbent is in a non-confined office-type setting in which he or she is free to move about at will. The work environment is typically quiet to a moderate noise level.

Travel is required. It is primarily local during the business day, and occasionally there will be out-of-area and overnight travel.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Management reserves the right to change this position description at any time.

Management reserves the right to change this position description at any time according to business needs.